Subnet ordering

amir_sp Member Posts: 9
Hi guys,
I have multiple Active Directory Domain Services servers in my network.
When I list my DNS (like nslookup mydomain.com) I see all of them, but not my network IP range at the beginning.
For example: when I do nslookup in network A, which starts with 192.168.19.x, I see the list below:
name:mydomain.com
Addresses: 192.168.12.1
192.168.1.2
192.168.21.1
192.168.10.1
192.168.28.1
192.168.6.1
192.168.22.1
192.168.19.1
10.1.5.1
192.168.4.1
192.168.14.1
192.168.23.1
192.168.20.1
but I want my network to be first.
What should I do?
Thank you for your comments.

Comments

    BornToBeMild Member Posts: 69
    What you are seeing is the order of the NS records registered in DNS for the domain. You could probably write something in PowerShell to sort with the local network first, but it's not something that usually bothers people much.

    If you don't mind me asking, is there a particular problem you are trying to fix?
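    The PowerShell sort BornToBeMild mentions, written out as an added example (not code posted in the thread). It resolves the A records for the domain and puts the ones that share a prefix with this host's own IPv4 address first; `mydomain.com` and the /24 prefix length (the default Windows DNS netmask-ordering granularity) are assumptions you can override with the script parameters.

```powershell
# Added example, not from the thread: list the A records for a domain and sort
# them so that addresses on this host's own subnet come first.
# Assumptions: domain name 'mydomain.com' and a /24 prefix for "local".
param(
    [string]$Domain = 'mydomain.com',
    [int]$PrefixLength = 24
)

function Get-PrefixKey {
    # Return the first $Bits bits of an IPv4 address as an integer, so two
    # addresses with the same key are on the same $Bits-long subnet.
    param([string]$Address, [int]$Bits)
    $bytes = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    [Array]::Reverse($bytes)                                  # network to host byte order
    $value = [BitConverter]::ToUInt32($bytes, 0)
    # Build the mask arithmetically (e.g. /24 -> 0xFFFFFF00) to avoid shift-type quirks.
    $mask  = [uint32](([math]::Pow(2, $Bits) - 1) * [math]::Pow(2, 32 - $Bits))
    return ($value -band $mask)
}

# Pick this host's first real IPv4 address (skip loopback / APIPA "WellKnown" origins).
$localIp = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -ne 'WellKnown' } |
    Select-Object -First 1 -ExpandProperty IPAddress
$localKey = Get-PrefixKey -Address $localIp -Bits $PrefixLength

# Query only A records; Resolve-DnsName may also return CNAME/SOA entries.
$records = Resolve-DnsName -Name $Domain -Type A -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' }

# Sort: local-subnet matches first (descending on the boolean), then by address.
$records |
    Sort-Object @{ Expression = { (Get-PrefixKey $_.IPAddress $PrefixLength) -eq $localKey }; Descending = $true },
                @{ Expression = 'IPAddress' } |
    Select-Object Name, IPAddress,
        @{ Name = 'LocalSubnet'; Expression = { (Get-PrefixKey $_.IPAddress $PrefixLength) -eq $localKey } }
```

    Save it as a .ps1 and run it from the client whose ordering you want to inspect; the `LocalSubnet` column shows which of the domain's addresses the script treated as local. As the rest of the thread explains, this only changes what you see in a listing, not which DC clients actually pick.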
    amir_sp Member Posts: 9
    Thank you for replying to me.
    Yes, this is the problem. When I try to update group policy with the command (gpupdate /force) on a client, sometimes it takes 10 min to reply! It means it sends my request to another network and checks.
    I am trying to find the command in PowerShell and already googled it, but I found nothing useful.
    Any thoughts?
    poolmanjim Member Posts: 285
    Is the 192.168.19.1 computer your PDC emulator?

    Have you tried targeting a different DC when creating/modifying the group policy?

    Have you considered configuring DNS netmask ordering? It is supposed to help with situations like yours.
    2019 Goals: Security+
    2020 Goals: 70-744, Azure
    Completed: MCSA 2012 (01/2016), MCSE: Cloud Platform and Infrastructure (07/2017), MCSA 2017 (09/2017)
    Future Goals: CISSP, CCENT
    BornToBeMild Member Posts: 69
    poolmanjim: netmask ordering, well remembered. I think it's enabled by default, maybe somebody turned it off?

    OP: Possibly your client is not authenticating to a local DC. From a cmd prompt type SET. Check the entry for LOGONSERVER: if this is not what you expected, you should make sure that you have correctly defined Active Directory sites, and that your DCs and subnets are all associated with the proper sites. Also check that your client DNS is pointing to the local DC.
    amir_sp Member Posts: 9
    poolmanjim wrote: »
    Is the 192.168.19.1 computer your PDC emulator?

    Have you tried targeting a different DC when creating/modifying the group policy?

    Have you considered configuring DNS netmask ordering? It is supposed to help with situations like yours.
    Yes, this is my PDC.
    What do you mean by "Have you tried targeting a different DC when creating/modifying the group policy?"?
    DNS netmask ordering is enabled, and it changes every time I send my request for mydomain.com.
    amir_sp Member Posts: 9
    poolmanjim: netmask ordering, well remembered. I think it's enabled by default, maybe somebody turned it off?

    OP: Possibly your client is not authenticating to a local DC. From a cmd prompt type SET. Check the entry for logonserver: If this is not what you expected, you should make sure that you have correctly defined Active Directory sites, and that your DCs and subnets are all associated with the proper sites. Also check your client DNS is pointing to the local DC.
    I sent that list from my DC with IP address 192.168.19.1. I have to see a list that starts with my 192.168.19.1, not anything else!
    BornToBeMild Member Posts: 69
    When clients are attempting to find a domain controller they run a process called DC Locator. If you google that you'll see that it's quite a complex process that uses SRV DNS records registered by the DCs, AD Site objects, and AD Subnet objects to find a DC local to the client. It does not use the list of records that you posted.

    So unfortunately changing the order of records you are looking at won't fix the problem of clients not locating the local DC.
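    A diagnostic that follows the two points BornToBeMild makes (check LOGONSERVER, and understand that DC Locator works from SRV records and site membership rather than the A-record list), added here as an example and not posted by anyone in the thread. It uses only built-in tools (`nltest`, `Resolve-DnsName`); the domain name `mydomain.com` is an assumption.

```powershell
# Added example, not from the thread: show which DC this client actually used,
# and what DC Locator would pick via the domain-wide and site-specific SRV records.
# Assumption: the domain is 'mydomain.com'.
param([string]$Domain = 'mydomain.com')

# 1. The DC that handled the current logon (same value SET shows as LOGONSERVER).
"Logon server : $env:LOGONSERVER"

# 2. The AD site this client thinks it is in, and the DC that DC Locator selects
#    right now. nltest ships with Windows; /force bypasses the cached DC entry.
$site = (nltest /dsgetsite 2>$null | Select-Object -First 1).Trim()
"Client site  : $site"
nltest /dsgetdc:$Domain /force | Where-Object { $_ -match 'DC:|Address:|Dom Name:|Site Name|Flags' }

# 3. Domain-wide SRV records: every DC registers here, regardless of site.
$allDcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Priority, Weight, Port
"All DCs advertised in DNS:"
$allDcs | Format-Table -AutoSize

# 4. Site-specific SRV records: only DCs in (or covering) the client's site register
#    under _sites. If nothing comes back, no DC covers this site and clients will
#    walk to a DC elsewhere, which matches the slow gpupdate symptom.
if ($site) {
    $siteDcs = Resolve-DnsName -Name "_ldap._tcp.$site._sites.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if ($siteDcs) {
        "DCs registered for site '$site':"
        $siteDcs | Select-Object NameTarget, Port | Format-Table -AutoSize
    } else {
        "WARNING: no site-specific SRV records for '$site'; check the subnet-to-site mapping in AD Sites and Services."
    }
}
```

    Run it on the slow client. If the logon server or the `DC:` line from `nltest` is a DC in another site, or step 4 prints the warning, the problem is site/subnet configuration, not record order.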
    poolmanjim Member Posts: 285
    Edit: Was a little off base on my understanding of your issue, somehow I got GPO into my head and was thinking from domain controllers. I have revised my response, sorry.

    If your clients are taking that long to refresh policy they are likely having to traverse the WAN to accomplish that. The first thing to do is to make sure that each site in your forest has a domain controller. If it doesn't have a domain controller you need to ask the question "why not?" The purpose of sites is to reflect the physical layout of your network to ensure that unnecessary replication is not occurring over the links. However, if you lack a domain controller in a site, that site will have to jump over to another site (intersite traffic) to do its work.

    I would not recommend having a site topology that reflects sites that DO NOT have domain controllers in them. Include those sites in with others and be aware that replication may eat up some bandwidth between them. If that is a concern, you should be installing DCs in those sites.

    If you have domain controllers set up in your different sites and are still experiencing this issue, make sure that the domain controllers at the client sites are configured as the primary DNS for the client systems. You may also want to consider enabling change notification on your site links. It can help with the replication of changes between sites. Lastly, check your replication interval, intersite links, and the replication topology. You may have an odd topology set up that could be throwing off your replication and causing it to take longer.
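    An audit for the two conditions poolmanjim describes, sites without a domain controller and subnets not tied to any site, added here as an example and not code from the thread. It assumes the RSAT ActiveDirectory module is installed and that you run it as an account that can read the Configuration partition.

```powershell
# Added example, not from the thread: audit AD Sites and Services for
#   (a) sites that have no domain controller, and
#   (b) subnets that are not assigned to any site.
# Assumption: RSAT ActiveDirectory module is available on this machine.
Import-Module ActiveDirectory -ErrorAction Stop

$sites   = Get-ADReplicationSite   -Filter * | Select-Object -ExpandProperty Name
$subnets = Get-ADReplicationSubnet -Filter * -Properties Site     # Site is a DN string or empty
$dcs     = Get-ADDomainController  -Filter * | Select-Object HostName, IPv4Address, Site

# Index DCs by the site name they report.
$dcsBySite = $dcs | Group-Object Site -AsHashTable -AsString

# One row per site: how many DCs it has and which subnets map to it.
foreach ($s in $sites) {
    $count = if ($dcsBySite -and $dcsBySite.ContainsKey($s)) { $dcsBySite[$s].Count } else { 0 }
    # The subnet's Site attribute is a DN such as "CN=<site>,CN=Sites,CN=Configuration,...";
    # compare its first RDN with the site name.
    $siteSubnets = ($subnets | Where-Object { $_.Site -and ($_.Site -split ',')[0] -eq "CN=$s" }).Name -join ', '
    [pscustomobject]@{
        Site    = $s
        DCs     = $count
        Subnets = $siteSubnets
        Finding = if ($count -eq 0) { 'NO DC: clients here will cross the WAN for a DC' } else { '' }
    }
}

# Subnets with no site: clients in them cannot be placed in a site, so DC Locator
# falls back to any DC in the domain rather than a nearby one.
$orphaned = $subnets | Where-Object { -not $_.Site }
if ($orphaned) {
    "Subnets not assigned to any site:"
    $orphaned | Select-Object Name
}
```

    Any site listed with `DCs = 0`, or any subnet under "not assigned to any site", points at the kind of topology gap the reply above describes: either add a DC to that site, fold the site into a neighbouring one, or create the missing subnet object for the client network (for the poster, the 192.168.19.0/24 range).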